sakula | 03e9eb0a1e1e7ad7a9f47da384da6237671037250e24c37d8bb9fdc4c5c7983f | Triage

Submit
Reports

Overview

overview

Static

static

03e9eb0a1e...3f.exe

windows7_x64

03e9eb0a1e...3f.exe

windows10-2004_x64

Sharing

General

Target

03e9eb0a1e1e7ad7a9f47da384da6237671037250e24c37d8bb9fdc4c5c7983f
Size

176KB
Sample

220212-nrb24abgg7
MD5

3d66e584157583e745584462cafd70da
SHA1

6db3ecbf863469c0f9c0484156c702cb9ca2a023
SHA256

03e9eb0a1e1e7ad7a9f47da384da6237671037250e24c37d8bb9fdc4c5c7983f
SHA512

93c1740d3915a77e6afcf20c07762741e22aa07dbb6245b9ddb329932cfbb203da45273783c5a539b402e7607cda73cbb81d32b84093b126691fc1a8e5cf5017

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

03e9eb0a1e1e7ad7a9f47da384da6237671037250e24c37d8bb9fdc4c5c7983f.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

03e9eb0a1e1e7ad7a9f47da384da6237671037250e24c37d8bb9fdc4c5c7983f.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  03e9eb0a1e1e7ad7a9f47da384da6237671037250e24c37d8bb9fdc4c5c7983f
- Size
  
  176KB
- MD5
  
  3d66e584157583e745584462cafd70da
- SHA1
  
  6db3ecbf863469c0f9c0484156c702cb9ca2a023
- SHA256
  
  03e9eb0a1e1e7ad7a9f47da384da6237671037250e24c37d8bb9fdc4c5c7983f
- SHA512
  
  93c1740d3915a77e6afcf20c07762741e22aa07dbb6245b9ddb329932cfbb203da45273783c5a539b402e7607cda73cbb81d32b84093b126691fc1a8e5cf5017
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy